Sunday, August 23, 2009

linux pptp configuration with MS vpn

I've been trying for a while to configure pptp to connect to my work vpn, which uses an MS vpn server. Turns out configuration is fairly straightforward and my main issue was actually really simple. Anyways, the errors I was getting when trying to debug it were the following:

root@mclittle:/etc/ppp# pon myvpn debug dump logfd 2 nodetach
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-pap # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name jdoe # (from /etc/ppp/peers/myvpn)
user jdoe # (from /etc/ppp/peers/myvpn)
remotename PPTP # (from /etc/ppp/peers/myvpn)
# (from /etc/ppp/options.pptp)
pty pptp vpn.domain.com --nolaunchpppd # (from /etc/ppp/peers/myvpn)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam myvpn # (from /etc/ppp/peers/myvpn)
proxyarp # (from /etc/ppp/options)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/peers/myvpn)
noipx # (from /etc/ppp/options)
using channel 26
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x556ea98d> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x20e4721> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:e7.d1.73.2d.b1.7b.49.5b.bc.41.b8.ae.36.14.95.be.00.00.00.00]> < 17 04 19 f5>]
No auth is possible
sent [LCP ConfRej id=0x0 <auth eap> <callback CBCP> <mrru 1614> < 17 04 19 f5>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x556ea98d> <pcomp> <accomp>]
rcvd [LCP TermReq id=0x1 02 0e 47 21 00 3c cd 74 00 00 03 97]
sent [LCP TermAck id=0x1]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x556ea98d> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x556ea98d> <pcomp> <accomp>]
^CTerminating on signal 2
sent [LCP TermReq id=0x2 "User request"]
Child process pptp vpn.domain.com --nolaunchpppd (pid 5494) terminated with signal 2
Modem hangup
Connection terminated.

Anyways, here is what I did on an Ubuntu system to get it to work; it should be pretty much the same for other distributions.

First I am going to go through the information we will need and set up some "variables" so you know where to use them in your configs. I'll post configs with the "variable", and a config with sample data.

Packages Needed:

The following packages need to be installed:
  • pptpd
  • pptp-linux
  • ppp
These can be installed with the following command:
  • sudo apt-get install ppp pptpd pptp-linux
Config Data Needed:
  • PPTP server name: ${VPN_SERVER}: vpn.domain.com
  • VPN User Name: ${USERNAME}: jdoe
  • VPN Domain: ${DOMAIN}: USA
  • VPN Password: ${PASSWORD}: jpass
  • Connection name: ${CONFIG_FILE}: myvpn
  • Password Alias: ${PASS_ALIAS}: myvpnalias
Here are the steps to take:
  1. First, let's configure the username/password that will be used for the VPN. We will edit /etc/ppp/chap-secrets:
    • SAMPLE:

      ${DOMAIN}\\${USERNAME} ${PASS_ALIAS} ${PASSWORD} *
    • EXAMPLE:

      USA\\jdoe myvpnalias jpass *
  2. Now we will create a connection config file. This file is to be created in /etc/ppp/peers/. With our example data, that would mean /etc/ppp/peers/myvpn.
    • SAMPLE:

      pty "pptp ${VPN_SERVER} --nolaunchpppd"
      name ${DOMAIN}\\${USERNAME}
      user ${DOMAIN}\\${USERNAME}
      remotename ${PASS_ALIAS}
      require-mppe-128
      file /etc/ppp/options.pptp
      ipparam ${CONFIG_FILE}
    • EXAMPLE:

      pty "pptp vpn.domain.com --nolaunchpppd"
      name USA\\jdoe
      user USA\\jdoe
      remotename myvpnalias
      require-mppe-128
      file /etc/ppp/options.pptp
      ipparam myvpn
  3. We can now connect to our pptp server:
    • pon ${CONFIG_FILE}
    • pon myvpn
      • Watch your /var/log/messages file for the status of your connection
      • When connected, you should have a new IP provided by the VPN server on a ppp0 device
  4. To disconnect your vpn connection:
    • poff ${CONFIG_FILE}
    • poff myvpn
Troubleshooting:

If you are not getting connected, you can start your pptp with the following command for debugging output:
  • pon ${CONFIG_FILE} debug dump logfd 2 nodetach
  • pon myvpn debug dump logfd 2 nodetach
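pppd looks up the password in /etc/ppp/chap-secrets by the peers file's user (or name) and remotename, so the two files from steps 1 and 2 have to agree. The following is an added example, not part of the original post: a small offline check of that pairing, of require-mppe-128, and of the secrets file mode. The function names and finding codes are hypothetical, the sample data is constructed from the values on this page, and shlex is used as an approximation of pppd's word splitting.

```python
import shlex

def words(line):
    # shlex approximates pppd's word splitting: quotes, '#' comments, and
    # backslash escapes, so USA\\jdoe in a file is read as USA\jdoe.
    return shlex.split(line, comments=True)

def parse_peer(text):
    """Map each option in a peers file to its argument (True if it has none)."""
    opts = {}
    for line in text.splitlines():
        w = words(line)
        if w:
            opts[w[0]] = w[1] if len(w) > 1 else True
    return opts

def parse_secrets(text):
    """Return (client, server, secret) for every complete chap-secrets line."""
    return [tuple(w[:3]) for w in map(words, text.splitlines()) if len(w) >= 3]

def lint(peer_text, secrets_text, secrets_mode):
    """Return finding codes (hypothetical names); an empty list means no findings."""
    peer = parse_peer(peer_text)
    user = peer.get("user") or peer.get("name")
    remote = peer.get("remotename")
    findings = []
    # A '*' in the client or server column of chap-secrets matches any name.
    hit = [s for s in parse_secrets(secrets_text)
           if s[0] in (user, "*") and (remote is None or s[1] in (remote, "*"))]
    if not hit:
        findings.append("no-secret-for-peer")
    if "require-mppe-128" not in peer:
        findings.append("mppe-128-not-required")
    if secrets_mode & 0o077:  # any group/other bit exposes the plaintext password
        findings.append("secrets-file-group-or-world-accessible")
    return findings

# Constructed sample data, modelled on the values used on this page.
SECRETS = "# client server secret IP\n" + r"USA\\jdoe myvpnalias jpass *" + "\n"
GOOD_PEER = r'''pty "pptp vpn.domain.com --nolaunchpppd"
name USA\\jdoe
user USA\\jdoe
remotename myvpnalias
require-mppe-128
file /etc/ppp/options.pptp
ipparam myvpn
'''
BAD_PEER = 'pty "pptp vpn.domain.com --nolaunchpppd"\nname jdoe\nuser jdoe\nremotename PPTP\n'

if __name__ == "__main__":
    print(lint(GOOD_PEER, SECRETS, 0o600))
    print(lint(BAD_PEER, SECRETS, 0o644))
```

On a real system, read the two files and pass os.stat("/etc/ppp/chap-secrets").st_mode as the third argument.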

2 comments:

Unknown said...

I think there is a typo in the 5th line of your configuration script

(VPN server)

Jake said...

Are you referring to 'require-mppe-128'?

My example is on an Ubuntu 9.10 NBR system. Older versions of Linux may not have support for 'require-mppe-128'.

Also, there are many different ppp packages which each have different options/syntax. I am using the default that comes with said Ubuntu version above.

http://pptpclient.sourceforge.net/howto-diagnosis.phtml#pppd_options

If that is not your issue, what line specifically are you having issues with?

Everything in here is a copy/paste of what I have which works for me ... obviously tweaked with different servers/usernames/passwords etc.